Legal claims defining the scope of protection, as filed with the USPTO.
2. The computerized method of claim 1, wherein the corresponding predetermined numerical attack severity ratings are selected from the group consisting of the numbers 25, 50, 75, and 100.
3. The computerized method of claim 1, wherein the corresponding predetermined numerical signature fidelity ratings are based on at least one of the factors selected from the group consisting of: the operating system of the computer; the service availability, the service application, and the version.
4. The computerized method of claim 1, wherein the attack relevance rating has a value ranging from 77 to 127.
5. The computerized method of claim 1, wherein the target value rating is selected from the group consisting of 90, 95, 100, 105, and 110.
6. The computerized method of claim 1, wherein responding to the attack based on the risk rating comprises at least one of the actions selected from the group consisting of: providing an alert if the risk rating exceeds a first particular value; logging the at least one packet if the risk rating exceeds a second particular value; and denying data flow to the computer if the risk rating exceeds a third particular value.
7. The computerized method of claim 1, wherein responding to the attack based on the risk rating comprises performing one of a plurality of sets of actions based on the risk rating.
8. A computerized method for addressing intrusion attacks directed at a computer, the method comprising: receiving at least one packet corresponding to a potential attack on the computer; calculating a risk rating for the potential attack by: determining an attack severity rating indicative of the potential severity of the potential attack; determining a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer; determining an attack relevance rating indicative of the relevance of the potential attack to the computer; determining a target value rating indicative of the perceived value of the computer; and calculating the risk rating as a function of the attack severity rating, the signature fidelity rating, the attack relevance rating, and the target value rating; and responding to the potential attack based on the calculated risk rating.
9. The computerized method of claim 8, wherein determining an attack severity rating indicative of the potential severity of the potential attack comprises comparing the type of potential attack to stored information having a plurality of attacks with corresponding predetermined numerical attack severity ratings.
10. The computerized method of claim 8, wherein determining a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer comprises comparing the type of potential attack to stored information having a plurality of attacks with corresponding predetermined numerical signature fidelity ratings.
11. The computerized method of claim 8, wherein determining an attack relevance rating indicative of the relevance of the potential attack to the computer comprises determining the attack relevance rating based on an operating system of the computer, a service availability of the computer, an application running at the service port of the computer, and the version of the application.
13. The computerized method of claim 8, wherein responding to the attack based on the risk rating comprises performing one of a plurality of sets of actions based on the risk rating.
14. A computerized method for addressing intrusion attacks directed at a computer, the method comprising: receiving a data stream corresponding to a potential attack on the computer; calculating a risk rating for the potential attack by: determining a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer, determining at least one component risk rating selected from the group consisting of: an attack relevance rating indicative of the relevance of the potential attack to the computer, and a target value rating indicative of the perceived value of the computer; and calculating the risk rating based on the signature fidelity rating and at least one of the component risk ratings; and responding to the potential attack based on the calculated risk rating.
15. The method of claim 14, and further comprising determining an attack severity rating indicative of the potential severity of the potential attack and wherein calculating the risk rating comprises calculating the risk rating based on the at least one component risk rating, on the signature fidelity rating, and on the attack severity rating.
16. The method of claim 14, wherein determining at least one component risk rating comprises determining the attack relevance rating and the target value.
17. The method of claim 16, wherein calculating the risk rating based on the signature fidelity rating and at least one of the component risk rating comprises wherein calculating the risk rating based on the signature fidelity rating, the attack relevance rating, and the target value.
19. The computerized method of claim 14, wherein responding to the attack based on the risk rating comprises performing one of a plurality of sets of actions based on the risk rating.
20. A system for addressing intrusion attacks directed at a computer, the system comprising: a software program embodied in a computer readable storage medium, the software program, when executed by a processor, operable to: calculate a risk rating for a data stream received by the system embodying a potential attack by: determining a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer, determining at least one component risk rating selected from the group consisting of: an attack relevance rating indicative of the relevance of the potential attack to the computer, and a target value rating indicative of the perceived value of the computer; and calculate the risk rating based on the signature fidelity rating and at least one of the component risk ratings; and initiate a response to the potential attack based on the risk rating.
21. The system of claim 20, and wherein the software program is further operable to determine an attack severity rating indicative of the potential severity of the potential attack and calculate the risk rating based at least on the at least one component risk rating, on the signature fidelity rating, and on the attack severity rating.
22. The method of claim 20, wherein the software program is further operable to calculate the risk rating based on the signature fidelity rating, the attack relevance rating, and the target value.
24. The system of claim 20, wherein the computer program is further operable to perform one of a plurality of sets of actions based on the risk rating.
25. A system for addressing intrusion attacks directed at a computer, the system comprising: means for receiving at least one packet corresponding to a potential attack on the computer; means for calculating a risk rating for the at least one packet by: determining an attack severity rating indicative of the potential severity of the potential attack; determining a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer; determining an attack relevance rating indicative of the relevance of the potential attack to the computer; determining a target value rating indicative of the perceived value of the computer; and calculating the risk rating as a function of the attack severity rating, the signature fidelity rating, the attack relevance rating, and the target value rating; and means for responding to the potential attack based on the calculated risk rating; wherein the means for calculating a risk comprises software embodied in a computer readable storage medium and an associated processor for executing the software.
April 28, 2009